|
Red Flag Rules Compliance Deadline Approaching - Friday, May 1st
Ambulance services need to take immediate steps to familiarize themselves with the Red Flag Rules and implement an Identity Theft Prevention Program in time for the May 1, 2009 deadline. These complex regulations contain a number of requirements for ambulance services in order to achieve compliance.
You don't need to spend countless hours swimming through and trying to understand these intricate regulations. The legal experts at Page, Wolfberg & Wirth have prepared The Red Flag Rules Survival Kit for Ambulance Services - a practical and easy to use "roadmap" to assist ambulance services in complying with the new regulations before the May 1, 2009 compliance deadline.
|
|
ALERT: New HIPAA Breach Notification Requirements
HHS Issues Guidance and Requests Public Comment on Technologies to Secure PHI
On April 27, 2009, the Department of Health and Human Services (HHS) issued guidance and a request for public comment regarding technologies and methodologies that render protected health information (PHI) "secure" for purposes of the soon to be issued mandatory breach regulations. As expected, HHS identified two methods for rendering PHI unusable, unreadable, or indecipherable to unauthorized individuals: (1) encryption, and (2) destruction. HHS is also soliciting comments regarding the guidance and we encourage all interested parties to submit comments to HHS on or before May 21, 2009.
In this guidance, HHS directs HIPAA-covered entities and their business associates to several publications from the National Institute of Standards and Technology (NIST) that describe technologies and methodologies that can be used to render PHI unusable, unreadable, or indecipherable to unauthorized individuals, i.e., "secure." HHS states that the guidance in the NIST publications creates the functional equivalent of a "safe harbor" regarding breach notification requirements. In other words, if covered entities and their business associates adhere to guidance in the NIST publications, they can lessen or even eliminate their breach notification obligations.
|
